burger icon
Griffon United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how AG Communications Limited, operating the Griffon brand for UK players under the internal profile Griffon through the website griffoncoi.com (the "Site"), collects, uses, discloses, and protects your personal data. It applies to visitors to the Site, players who open and use an account, and anyone who otherwise interacts with our services. This Privacy Policy is effective from 6 January 2026 and replaces any previous versions, including the version dated 6 November 2025.

By visiting griffoncoi.com, registering an account, or using our products and services, you acknowledge that you have read this Privacy Policy and understand how we process your personal data in accordance with the UK GDPR, the Data Protection Act 2018, and other applicable UK laws and regulations.

Who We Are

OBSERVE: This section identifies the entities responsible for your data and how you can contact us. EXPAND: We clarify our regulatory context and data protection roles. REFLECT: This ensures you know who controls your data and how to exercise your rights.

Data Controller

The primary data controller for personal data collected via griffoncoi.com for UK players is:

  • Company name: AG Communications Limited ("AG Communications")
  • Role: Licensed operator of the Griffon brand for UK customers, under internal profile name Griffon
  • Registered address: High Street, Sliema SLM 1549, Malta
  • Regulator (UK): UK Gambling Commission ("UKGC")
  • UKGC licence number: 39483 (Remote Gaming Licence for UK-facing online casino operations)

Certain platform and back-office services may be provided by our parent company, Aspire Global International LTD, and other group companies. Depending on the service, they may act as our data processors or, in limited cases, as joint controllers, always under appropriate contractual safeguards.

Contact for Privacy Matters

If you have questions about this Privacy Policy or how your personal data is processed, you can contact us using the details below:

  • Data Protection contact: Data Protection Officer (DPO), AG Communications Limited
  • Postal address: Data Protection Officer, AG Communications Limited, High Street, Sliema SLM 1549, Malta
  • Email (privacy enquiries): privacy@griffoncoi.com
  • Website: https://griffoncoi.com (see "Contact Us" or "Help" sections)

Regional compliance note: For UK players using Griffon on griffoncoi.com, AG Communications Limited is responsible for your personal data and complies with the UK GDPR, Data Protection Act 2018, and applicable UKGC licence conditions.

What Personal Data We Collect

OBSERVE: We collect data needed to provide regulated online gambling services. EXPAND: This includes identity, technical, financial, and behavioural information. REFLECT: We only collect what is necessary for lawful and transparent purposes.

Identity and Contact Data

  • Examples: Full name, date of birth, gender, nationality, residential address, email address, telephone number, username and password, account identifiers, proof-of-age information.
  • Why collected: To create and manage your account, verify your identity, confirm you are over 18, and ensure you are permitted to gamble under UK law and our licence 39483.

Verification, KYC and AML Data

  • Examples: Copies of identity documents (passport, ID card, driving licence), proof of address (utility bill, bank statement), income and source-of-funds information, occupation, information from public databases or credit reference agencies, sanctions and politically exposed person (PEP) checks.
  • Why collected: To comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations, responsible gambling checks, affordability assessments, and UKGC requirements (including GamStop self-exclusion checks).

Financial and Transaction Data

  • Examples: Payment card details (tokenised where possible), e-wallet identifiers, bank account details (where applicable), deposits, withdrawals, bonuses, wagering and game transactions, balances, chargebacks, and payment disputes.
  • Why collected: To process payments, issue refunds and winnings, prevent fraud, comply with financial and AML reporting obligations, and support dispute resolution.

Gameplay and Behavioural Data

  • Examples: Game selections, bet sizes, session times, outcomes, bonuses used, self-exclusion status (including GamStop), reality checks, limits set, communication history, in-game behaviour and patterns linked to responsible gambling monitoring.
  • Why collected: To provide the gaming service, tailor player experience, monitor for problem gambling indicators, manage bonuses, and detect fraud or abuse across the AG Communications network of UK-facing brands.

Technical and Usage Data

  • Examples: IP address, device identifiers, operating system, browser type and settings, language preference, time zone, session logs, clickstream data, login timestamps, device fingerprinting data, approximate location derived from IP.
  • Why collected: To secure accounts, enforce territorial restrictions, prevent fraud and bonus abuse, troubleshoot technical issues, and improve site performance at griffoncoi.com.

Marketing and Communication Data

  • Examples: Marketing preferences (email, SMS, phone, push notifications), opt-in/opt-out records, open and click-through rates for campaigns, participation in promotions.
  • Why collected: To send you marketing communications (where permitted), manage your preferences, and measure the effectiveness of our campaigns.

Cookies and Similar Technologies

  • Examples: Cookies, web beacons, pixels, SDKs, and similar tracking technologies that may log your browsing behaviour on griffoncoi.com and our marketing partners' sites.
  • Why collected: To operate the Site, remember your choices, perform analytics, detect fraud, and, with your consent where required, provide personalised content and advertising. For more details, see the "Cookies & Tracking Technologies" section below.

Legal Basis for Processing

OBSERVE: We process personal data under specific legal grounds. EXPAND: These are based on the UK GDPR, Data Protection Act 2018, and related UK regulations. REFLECT: Understanding our legal bases helps you understand your rights.

Performance of a Contract

  • Scope: Processing necessary to enter into and perform our contract with you, including the Terms & Conditions at https://griffoncoi.com/info/terms/.
  • Examples: Creating and managing your account, processing deposits and withdrawals, providing games and promotions, administering loyalty schemes, and providing customer support.

Compliance with Legal Obligations

  • Scope: Processing required to comply with laws and regulatory requirements applicable to AG Communications as a UKGC-licensed operator and Malta-based company.
  • Examples: Age and identity verification, AML and counter-terrorist financing checks, record-keeping obligations (including retention of transaction data), reporting to regulators and law enforcement, adherence to UKGC Licence Conditions and Codes of Practice, participation in GamStop and use of IBAS as ADR provider.

Legitimate Interests

  • Scope: Processing necessary for our legitimate interests or those of third parties, provided such interests are not overridden by your rights and freedoms.
  • Examples: Securing our systems and the Site, preventing and detecting fraud and bonus abuse (including network-wide risk management across related brands), protecting the integrity of games, performing analytics and service optimisation, enforcing our terms, and handling routine business operations. Where required, we perform legitimate-interest assessments.

Consent

  • Scope: Processing based on your explicit, informed consent, which you can withdraw at any time.
  • Examples: Sending electronic marketing communications where consent is required, using certain non-essential cookies and similar technologies as described in our cookie tools, and, in rare cases, using sensitive information (for example, health-related data you disclose in relation to responsible gambling support) when permitted by law.

Vital Interests and Legal Claims

  • Scope: Processing necessary to protect your vital interests or those of another person, or to establish, exercise, or defend legal claims.
  • Examples: Sharing information where we believe there is a risk of serious harm, cooperating with law enforcement to prevent crime, or retaining data for the duration of a dispute or regulatory investigation.

Regional compliance note: For UK users of Griffon on griffoncoi.com, we apply the legal bases under the UK GDPR; where EU or other laws (such as Mexican law) apply to specific users, we align our approach so that equivalent protections are maintained.

Purpose of Processing

OBSERVE: We use your data for clearly defined purposes. EXPAND: These purposes cover service delivery, compliance, risk management, and marketing. REFLECT: We avoid incompatible uses and rely on appropriate legal bases for each purpose.

Providing and Managing Your Account and Services

  • Account operations: To register and authenticate you as a player, operate your Griffon account at griffoncoi.com, manage balances, and provide access to games and features under the Griffon profile.
  • Customer support: To respond to queries, handle complaints, manage responsible gambling interactions, and provide technical assistance.

Regulatory Compliance and Responsible Gambling

  • KYC/AML and regulatory duties: To fulfil our obligations under UK law, UKGC licence 39483, AML regulations, sanctions rules, and other compliance frameworks, including record-keeping and reporting.
  • Responsible gambling: To monitor your activity for signs of problem gambling, offer tools such as limits and reality checks, honour self-exclusions (including GamStop), and maintain network-level restrictions where necessary.

Risk Management, Fraud and Abuse Prevention

  • Fraud detection: To prevent and investigate fraud, collusion, money laundering, bonus abuse, chargebacks, account takeovers, and other unlawful or improper activities.
  • Network-level controls: To apply certain risk and bonus-related controls across the AG Communications network of UK-facing brands, in line with our legitimate interests and regulatory expectations.

Service Improvement and Analytics

  • Performance analysis: To analyse usage patterns, game performance, and website functionality, and to develop new features and offerings.
  • Quality assurance: To run internal reporting and audits, improve customer journeys, and maintain a secure and reliable platform.

Marketing and Personalisation

  • Marketing communications: To send you offers, bonuses, and updates by email, SMS, phone, push notifications, or other channels, in line with your preferences and applicable laws (including the Privacy and Electronic Communications Regulations in the UK).
  • Personalised content: To present tailored promotions and recommendations based on your gameplay and preferences, where permitted by law and your settings.

Regional compliance note: In all cases, our use of your data is limited to purposes compatible with the ones listed here and subject to the UK GDPR principles of lawfulness, fairness, transparency, data minimisation, and storage limitation.

Disclosure & Sharing

OBSERVE: We must share data with certain third parties to operate a regulated online casino. EXPAND: We outline each category of recipient and why sharing occurs. REFLECT: We do not sell your personal data and only share it under safeguards and lawful bases.

Group Companies and Service Providers

  • Group entities: Aspire Global International LTD and other AG Communications group companies that provide platform, payment, risk management, or customer support services under strict data protection agreements.
  • IT and hosting providers: Companies that host our servers, provide cloud services, security tools, analytics, and technical infrastructure for griffoncoi.com.
  • Game and content providers: Licensed game studios and software suppliers needed to deliver casino games and related content.

Payment and Financial Partners

  • Payment processors: Card payment processors, banks, e-wallet providers, and other financial institutions required to process deposits, withdrawals, and refunds.
  • Fraud and AML partners: Anti-fraud and AML screening providers, identity verification services, credit reference agencies, and transaction monitoring tools.

Regulators, Schemes and Dispute Bodies

  • Regulators and authorities: The UK Gambling Commission, financial intelligence units, law enforcement, tax authorities, and other public authorities where we are required or permitted by law to disclose data.
  • Self-exclusion schemes: GamStop and similar mandatory schemes, to ensure that self-exclusions and related restrictions are properly applied.
  • Alternative Dispute Resolution (ADR): The Independent Betting Adjudication Service (IBAS) or other ADR entities, where they handle disputes between you and us regarding gambling outcomes or related issues.

Marketing and Advertising Partners

  • Marketing services: Email, SMS, and campaign management providers engaged to deliver and analyse our marketing communications in line with your preferences.
  • Advertising and analytics partners: Third-party partners that provide analytics, advertising, and retargeting services, including via cookies and similar technologies, only where permitted by law and subject to your consent where required.

Corporate Transactions and Legal Claims

  • Business transfers: In the event of a merger, acquisition, reorganisation, or sale of assets involving AG Communications or the Griffon brand, personal data may be disclosed to prospective or actual purchasers and their advisers, subject to confidentiality obligations.
  • Legal claims: Lawyers, auditors, and professional advisers may receive data where necessary to establish, exercise, or defend legal or regulatory claims.

Regional compliance note: All disclosures are carried out in accordance with the UK GDPR and applicable UK laws. Where required, we enter into appropriate data processing agreements and apply international transfer safeguards as described below.

International Transfers

OBSERVE: As an operator based in Malta and active in the UK, we may process data in multiple jurisdictions. EXPAND: We rely on recognised safeguards when transferring data outside the UK. REFLECT: These measures ensure your data remains protected regardless of location.

Where Your Data May Be Processed

  • Primary locations: The UK, Malta, and other European Economic Area (EEA) countries, where AG Communications and its service providers host systems and provide services.
  • Other countries: Trusted service providers may be located in countries outside the UK and EEA (for example, in jurisdictions where our group or technical partners maintain operations), subject to appropriate safeguards.

Safeguards for International Transfers

  • Adequacy decisions: Where personal data is transferred from the UK to a country recognised by the UK government as providing an adequate level of protection, no further safeguards are required.
  • Standard contractual clauses and UK addenda: For other countries, we use standard contractual clauses and/or the UK International Data Transfer Addendum or International Data Transfer Agreement, combined with technical and organisational measures.
  • Additional measures: We assess the legal environment of recipient countries and implement additional safeguards (such as encryption and access controls) where necessary.

Regional compliance note: You may contact us for more information about the safeguards used for international transfers relating to Griffon activity on griffoncoi.com, including copies of relevant standard contractual clauses, where legally permissible.

Data Retention

OBSERVE: We retain data only as long as necessary. EXPAND: Retention periods reflect legal obligations, regulatory expectations, and business needs. REFLECT: When data is no longer required, we securely delete or anonymise it.

General Retention Principles

  • Legal and regulatory requirements: UK gambling and AML laws require us to keep certain records for minimum periods (for example, typically five years after the end of the business relationship or last transaction, and sometimes longer for AML or legal claims).
  • Business needs: We retain data for as long as necessary to provide services, respond to queries, manage disputes, and maintain accurate records.
  • Minimisation: Where possible, we anonymise or aggregate data so that it no longer identifies you.

Indicative Retention Periods

Data category Typical retention period Rationale
Account and identity data Up to 5 years after account closure or last activity, unless a longer period is required by law or for disputes Regulatory obligations, AML, responsible gambling, and defence of legal claims
Financial and transactional data At least 5 years from the date of the last relevant transaction AML and tax laws, UKGC licence conditions, accounting requirements
Gameplay and behavioural data Up to 5 years after account closure or last activity, subject to longer retention where required (e.g. investigations) Responsible gambling, fraud prevention, regulatory investigations
Marketing data and preferences Until you withdraw consent or object, plus a short period to record your choice Proof of compliance with marketing and consent requirements
Technical logs and security data From a few months up to 5 years, depending on the log type Security, troubleshooting, fraud detection, and compliance audits

Deletion and Anonymisation

  • Deletion criteria: We securely delete or anonymise personal data when retention periods expire, when data is no longer needed, or when you request deletion and we have no overriding legal grounds to retain it.
  • Backups and archives: Data contained in secure backups may be retained for limited periods and, when restored, will be handled in line with this Privacy Policy.

Your Rights

OBSERVE: You have specific rights regarding your personal data. EXPAND: These rights arise primarily under the UK GDPR and, where applicable, other laws such as the EU GDPR and Mexican data protection rules. REFLECT: We provide clear procedures for exercising these rights free of charge.

Rights Under UK and EU Data Protection Law

  • Right of access: You can request confirmation whether we process your data and obtain a copy of your personal data and key information about our processing.
  • Right to rectification: You can ask us to correct or complete inaccurate or incomplete personal data, for example, updating your address or contact details.
  • Right to erasure ("right to be forgotten"): You can request deletion of your data where it is no longer necessary for the purposes collected, where you withdraw consent and there is no other legal basis, or where processing is unlawful. We may retain certain data where required by law or to defend legal claims.
  • Right to restriction: You can ask us to restrict processing in certain circumstances (for example, while we verify accuracy or objections), limiting how we use your data.
  • Right to data portability: You can request certain data in a structured, commonly used, and machine-readable format and have it transmitted to another controller where technically feasible, when processing is based on consent or contract and carried out by automated means.
  • Right to object: You can object to processing based on our legitimate interests, including profiling, and we will stop unless we have compelling legitimate grounds. You always have an absolute right to object to direct marketing.
  • Rights related to automated decisions: Where we use automated decision-making that produces legal or similarly significant effects (for example, certain risk or affordability assessments), you may request human review and contest the decision, in line with legal requirements.
  • Right to withdraw consent: Where we rely on consent, you can withdraw it at any time (for example, for marketing or certain cookies), without affecting previous lawful processing.

Alignment with Mexican Data Protection Principles (Where Applicable)

While griffoncoi.com and Griffon are primarily aimed at the UK market, if Mexican data protection law applies to you, we aim to align with the principles of the Mexican Federal Law on Protection of Personal Data Held by Private Parties ("LFPDPPP"). In particular, you may have ARCO rights:

  • Access: Similar to the right of access described above, enabling you to know what data we hold and how it is used.
  • Rectification: The ability to request correction of inaccurate or incomplete data.
  • Cancellation (erasure): The ability to request that we stop processing and delete personal data, subject to legal and regulatory retention obligations.
  • Opposition: The ability to object to certain processing, including for marketing or profiling, aligned with your rights under UK/EU frameworks.

Where both UK/EU and Mexican rules apply, we will seek to provide a level of protection that meets the higher standard, subject to mandatory local legal requirements.

How to Exercise Your Rights

  • Contact: Submit your request via email at privacy@griffoncoi.com or through the contact channels provided on griffoncoi.com. Please clearly state that your request concerns "data protection rights".
  • Verification: We may require information to verify your identity (for example, confirming account details or asking for identification) before actioning your request.
  • Response time: We aim to respond within one month (30 days) of receiving a valid request. This may be extended by up to two further months for complex or multiple requests, in which case we will inform you of the delay and reasons.
  • Cost: Requests are processed free of charge. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, as permitted by law.

Regional compliance note: You also have the right to lodge a complaint with a supervisory authority, as described in the "Complaints & Contacts" section below, if you are dissatisfied with how we handle your personal data.

Cookies & Tracking Technologies

OBSERVE: We use cookies and similar technologies on griffoncoi.com. EXPAND: These serve functional, analytical, and advertising purposes. REFLECT: You can manage your choices using browser settings and our internal tools.

Types of Cookies We Use

  • Strictly necessary cookies: Essential for the Site to function (for example, to keep you logged in, to balance load across servers, to comply with security requirements). These cannot be switched off via our cookie tools.
  • Functional cookies: Remember your preferences (such as language, region, or display settings) and enhance your experience.
  • Analytics and performance cookies: Collect aggregated information about how visitors use the Site (pages visited, errors encountered, response times) to improve performance and usability.
  • Advertising and targeting cookies: Used, where permitted, to deliver personalised adverts, measure campaign effectiveness, and limit the number of times you see the same advert. These may be set by us or by our advertising partners.

Managing Cookies

  • Cookie banner and settings: On your first visit to griffoncoi.com, and periodically thereafter, you may see a banner or panel allowing you to consent to or reject non-essential cookies. You can change your preferences at any time via our internal cookie settings panel (where available).
  • Browser controls: You can configure your browser to block or delete cookies. Please note that disabling certain cookies may affect site functionality, including the ability to log in or remain logged in.
  • Third-party cookies: Third-party providers may set cookies when you interact with their content or adverts on our Site. Their use of data is governed by their own privacy and cookie policies.

Regional compliance note: We implement cookie consent mechanisms in line with UK Privacy and Electronic Communications Regulations (PECR) and UK GDPR transparency requirements.

Data Security

OBSERVE: Protecting your data is essential for a regulated casino operator. EXPAND: We implement technical and organisational measures to secure data in transit and at rest. REFLECT: Although no system is perfectly secure, we continually work to reduce risk.

Technical Measures

  • Encryption in transit: Data transmitted between your device and griffoncoi.com is protected using Transport Layer Security (TLS) 1.2 or higher, helping to prevent interception.
  • Encryption at rest: Where appropriate, we encrypt or pseudonymise personal data stored on our systems and databases.
  • Access controls: Access to personal data is restricted to authorised personnel who require it to perform their duties, using strong authentication methods and role-based permissions.
  • Network and application security: Firewalls, intrusion detection and prevention systems, anti-malware tools, and security-hardening practices are used to protect our infrastructure.

Organisational Measures

  • Policies and training: Staff are subject to confidentiality obligations and receive regular training on data protection, information security, and responsible handling of customer data.
  • Vendor management: We carry out due diligence and maintain contracts with service providers that include appropriate data protection and security obligations.
  • Security governance: Our security framework is aligned with recognised industry standards (such as ISO 27001-type controls), and we review and update controls based on risk assessments.

Incident Response

  • Monitoring: Systems are monitored for suspicious activity, attempted attacks, or unusual patterns that may indicate a security incident.
  • Breach handling: In the event of a personal data breach, we will investigate promptly, mitigate any adverse effects, and notify affected individuals and regulators (such as the UK Information Commissioner's Office) where required by law.

Regional compliance note: Security measures for Griffon on griffoncoi.com are designed to meet UK GDPR requirements and UKGC expectations for secure handling of player information.

Complaints & Contacts

OBSERVE: You are entitled to raise questions or complaints about our data practices. EXPAND: We provide internal and external escalation routes. REFLECT: This ensures independent oversight and redress mechanisms where needed.

Contacting Us First

  • Customer support: For general issues or concerns, please contact our customer support team using the channels provided on griffoncoi.com.
  • Privacy-specific concerns: If your issue relates specifically to privacy or data protection, please write to our Data Protection Officer at privacy@griffoncoi.com or by post to: Data Protection Officer, AG Communications Limited, High Street, Sliema SLM 1549, Malta.

Our Complaint Handling Process

  1. Submission: You submit your concern or complaint via email, post, or our online channels, describing the nature of your issue and any relevant account details.
  2. Acknowledgement: We will acknowledge receipt of your complaint, normally within a few working days.
  3. Investigation: We will investigate your complaint, which may include reviewing logs, communications, and technical records, and contacting you for additional information where necessary.
  4. Response: We aim to provide a substantive response within 30 days. For more complex complaints, we will keep you informed of progress and explain any delay.

Supervisory Authorities and Other Bodies

  • UK Information Commissioner's Office (ICO): If you are in the UK and are dissatisfied with our response, you can lodge a complaint with the ICO:
    Website: https://ico.org.uk
  • EU data protection authorities: If you are in the EEA and EU data protection law applies to you, you may contact your local data protection authority; contact details are available via national government or https://edpb.europa.eu.
  • Mexican data protection authority: If Mexican data protection law applies, you may contact the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI):
    Website: https://home.inai.org.mx
  • Alternative Dispute Resolution (ADR) for gambling disputes: For disputes about gambling transactions or outcomes, you may refer your complaint to IBAS (Independent Betting Adjudication Service), our designated ADR provider under our UKGC licence:
    Website: https://ibas-uk.com/

Regional compliance note: Using our internal complaint process does not limit your right to complain directly to a supervisory authority. However, we encourage you to contact us first so we can attempt to resolve any issues swiftly.

Updates

OBSERVE: Privacy laws and business practices evolve over time. EXPAND: We may update this Privacy Policy to reflect changes. REFLECT: We will notify you appropriately and give you options in the event of material changes.

How and Why We Update This Policy

  • Reasons for changes: To reflect changes in law, regulatory guidance, our services, or our internal practices relating to Griffon operations on griffoncoi.com.
  • Version control: Each version of this Privacy Policy is dated, and we maintain records of prior versions for accountability and transparency.

Notification of Changes

  • Material changes: Where we make significant changes that affect how your data is processed, we will provide prominent notice, which may include email notifications, in-account messages, and banners on griffoncoi.com.
  • Advance notice: Where required or appropriate, we will give you at least 30 days' notice before material changes take effect, especially if they involve new purposes or legal bases for processing.
  • Your options: If you do not agree with changes, you may close your account and request deletion of your data, subject to our legal retention obligations. Continued use of the Site after changes take effect may constitute acceptance of the updated policy.

Current Version

This Privacy Policy applies to personal data processed in connection with the Griffon brand for UK players under the internal profile Griffon on griffoncoi.com.

Last updated: 6 January 2026 (replacing the version dated 6 November 2025).